Esempio n. 1
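def secret_admin(admin_id):
    """Render the management page for a secret and handle its three forms.

    The Admin record is looked up by ``admin_id`` and the Secret by the
    ``secret_id`` stored on that record. Knowing ``admin_id`` is the only
    check performed inside this function, so the value works as a bearer
    capability and should be kept out of logs.
    NOTE(review): route decorators are not part of this snippet; confirm
    whether any additional authentication wraps the view.

    Responds with 404 when either record is missing, redirects to
    ``secret.index`` after a successful burn, and otherwise renders
    ``secrets/secret_admin.html``.
    """
    admin = RedisRegistry.load(admin_id, Admin)
    secret = RedisRegistry.load(admin.secret_id, Secret) if admin else False
    if not secret:
        # Same 404 for "no such admin" and "admin without secret".
        abort(404)

    sms_form = SendPassphrase()
    email_form = SendSecretLink()
    burn_form = BurnSecretForm()

    if sms_form.submit_sms.data and sms_form.validate():
        # NOTE(review): nothing is sent here, yet the user is told an SMS
        # went out; confirm whether the send call is missing.
        flash('SMS sent!')

    if email_form.submit_email.data and email_form.validate():
        # Send first, report success second, so a failing send can never
        # leave an 'Email sent!' message queued in the session.
        # The keyword spelling 'recivers' is kept as the helper is called
        # with it in the original code.
        send_secret_link_email(recivers=[email_form.email.data], secret=secret)
        flash('Email sent!')

    if burn_form.submit.data and burn_form.validate():
        if RedisRegistry(secret).destroy():
            # The raw request.form is deliberately not logged: it holds
            # whatever the client posted and has no place in application
            # logs.
            current_app.logger.debug('Secret destroyed from admin page')
            flash('Secret destroyed!')
            return redirect(url_for('secret.index'))

    return render_template('secrets/secret_admin.html',
                           secret=secret,
                           secret_id=secret.obj_id,
                           admin_id=admin_id,
                           email_form=email_form,
                           sms_form=sms_form,
                           burn_form=burn_form
                           )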
Esempio n. 2
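def index():
    """Show the secret-creation form and persist a submitted secret.

    On a valid submission a Secret and its Admin record are saved through
    RedisRegistry and the client is redirected to the admin page for the
    new secret. If the store cannot be reached the error is logged and the
    request ends with HTTP 500.
    """
    form = SecretForm()
    if not form.validate_on_submit():
        return render_template('secrets/index.html', title=_('Create your secret now!'), form=form)

    secret = Secret(secret_value=form.secret.data, ttl=form.ttl.data, passphrase=form.passphrase.data)
    try:
        RedisRegistry(secret).save()
        admin = Admin.create_admin(secret)
        RedisRegistry(admin).save()
    except ConnectionError as e:
        # NOTE(review): if only the second save fails, the secret is
        # already stored but has no admin record; presumably it then
        # lives until its TTL expires. Confirm that this is acceptable.
        current_app.logger.error(e)
        # A bare ``return 500`` is not a valid Flask response (an int is
        # rejected as a view return value); abort() produces a real 500
        # and runs any registered error handler.
        abort(500)
    flash('Secret created!')
    return redirect(url_for('secret.secret_admin', admin_id=admin.obj_id))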
Esempio n. 3
 def test_admin_page(self):
     """A GET on the admin page answers 200 and leaves the key count unchanged."""
     payload = {'secret': 'TestSecret', 'ttl': '1'}
     secret = Secret(secret_value=payload['secret'], ttl=int(payload['ttl']))
     admin = Admin.create_admin(secret)
     # Persist the secret first, then its admin record.
     for entity in (secret, admin):
         RedisRegistry(entity).save()

     keys_before = len(self.app.redis.keys())
     admin_url = url_for('secret.secret_admin', admin_id=admin.obj_id)
     response = self.app_client.get(admin_url, follow_redirects=True)

     self.assertEqual(response.status_code, 200)
     # Viewing the admin page must not consume or create any stored key.
     keys_after = len(self.app.redis.keys())
     self.assertEqual(keys_before, keys_after)
Esempio n. 4
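def read_secret(secret_id: str):
    """Show the read form for a secret and reveal it once on a valid POST.

    GET (or an invalid form) renders ``secrets/secret.html``. A valid
    submission reads the secret with the supplied passphrase; on success
    the stored secret is destroyed and its HTML-escaped value is returned
    as a JSON string. A missing secret and a failed read both answer with
    the same ``{"secret": false}`` body and status 404.

    NOTE(review): reading and destroying are two separate steps here, so
    two simultaneous requests could presumably both receive the value;
    confirm whether RedisRegistry offers an atomic read-and-delete.
    """
    from html import escape

    s = RedisRegistry.load(secret_id, Secret)
    if s:
        passphrase = bool(s.passphrase)
        current_app.logger.debug('Secret exists and passphrase state is: ' + str(passphrase))
    else:
        # The template is told a passphrase is required even though there
        # is no secret; presumably this keeps the page from revealing
        # whether the id exists.
        passphrase = True
        current_app.logger.debug('Secret doesnt exist')

    form = ReadSecretForm()
    if form.validate_on_submit():
        if not s:
            current_app.logger.debug('Form is valid but secret doesn\'t exist')
            return json.dumps({'secret': False}), 404

        secret = s.read(passphrase=form.passphrase.data)
        # Log only whether the read worked. The plaintext must never be
        # written to the application log, which outlives the secret.
        current_app.logger.debug('Secret read succeeded: ' + str(bool(secret)))

        if not secret:
            return json.dumps({'secret': False}), 404

        if not RedisRegistry(s).destroy():
            # The value is still handed to the reader, but a secret that
            # survives its first read breaks the read-once promise, so
            # make the failure visible to operators.
            current_app.logger.error('Secret was read but could not be destroyed')
        return json.dumps({'secret': escape(secret)})

    return render_template('secrets/secret.html', passphrase=passphrase, secret_id=secret_id, form=form)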
Esempio n. 5
 def test_delete_secret_with_passphrase(self):
     """Burning a passphrase-protected secret via the admin page removes one key."""
     payload = {'secret': 'TestSecret', 'ttl': '1', 'passphrase': 'Test'}
     secret = Secret(
         secret_value=payload['secret'],
         ttl=int(payload['ttl']),
         passphrase=payload['passphrase'],
     )
     admin = Admin.create_admin(secret)
     # Persist the secret first, then its admin record.
     for entity in (secret, admin):
         RedisRegistry(entity).save()

     keys_before = len(self.app.redis.keys())
     burn_request = {'submit': 'Burn the Secret!'}
     response = self.app_client.post(
         url_for('secret.secret_admin', admin_id=admin.obj_id),
         follow_redirects=True,
         data=burn_request,
     )
     # Exactly one key disappears and the redirect target loads.
     self.assertEqual(keys_before - 1, len(self.app.redis.keys()))
     self.assertEqual(response.status_code, 200)

     # After the burn the admin page must no longer answer 200.
     admin_url = url_for('secret.secret_admin', admin_id=admin.obj_id)
     response = self.app_client.get(admin_url)
     self.assertNotEqual(response.status_code, 200)
Esempio n. 6
 def test_read_secret_with_passphrase(self):
     """Reading with the right passphrase returns the secret and consumes it."""
     form_data = {'secret': 'TestSecret', 'ttl': '1', 'passphrase': 'empty'}
     secret = Secret(
         secret_value=form_data['secret'],
         ttl=int(form_data['ttl']),
         passphrase=form_data['passphrase'],
     )
     RedisRegistry(secret).save()
     secret_id = secret.obj_id
     keys_before = len(self.app.redis.keys())

     # Opening the read page must not consume the secret.
     page = self.app_client.get(
         url_for('secret.read_secret', secret_id=secret_id),
         follow_redirects=True,
     )
     self.assertEqual(keys_before, len(self.app.redis.keys()))
     self.assertEqual(page.status_code, 200)

     # Submitting the passphrase reveals the value and removes one key.
     reveal = self.app_client.post(
         url_for('secret.read_secret', secret_id=secret_id),
         data=form_data,
     )
     self.assertEqual(keys_before - 1, len(self.app.redis.keys()))
     self.assertEqual(reveal.status_code, 200)
     body = loads(reveal.get_data(as_text=True))
     self.assertEqual(body['secret'], form_data['secret'])